Cyber Security Delhi

Tuesday, April 30, 2019

Large number of people specially parents and teachers ask questions on cyber security and cyber crime; moreover they are keen in knowing how can they safegaurd their children and students. So, I am writing few Cyber Safety Tips for school going children parents and students.

One of the major cyber security problem faced by school students is Cyber Bullying.

Cyber Bullying is not something new, it used to happen earlier also that time it was only bullying. Because now we live in digital world and can not imagine to sustain without mobile devices like cell phones, iPad, Tabs, Laptops etc so bullying is replaced by cyber bullying.

Cyber bullying meaning can be in form of MMS, SMS, email and it becomes very harmful and threatening when done on social media like Facebook, Twitter, Instagram etc.

Be careful -

If your child behave is changing, he or she is more aggressive now.
If all of sudden your child stops talking with you or friends.
If he/she stops using digital devices or is scared.

Tips for Cyber bullying-

Talk to your children and students, spend time with them.

Make aware your children that cyber bullying is a punishable crime so that neither they themselves don't indulge into any cyber bullying activities nor allow anyone to tease them.

Let your children and students know speaking negatively about anyone or abusing on social media is offensive and it can be reported to police.

Even if they know about any third person who is victim of cyber bullying, they should help the victim. Report the matter to parents or teaches immediately.

Tell them not to delete offensive messages as it will help police in investigation.

In India, there is online platform to report any cyber crime including cyber bullying.

Subscribe the blog to get updates

https://cybersecurityaudits.blogspot.in

or write at cyberpathshala@gmail.com

Disclaimer: Kindly do not post any defamatory, infringing, obscene, indecent,
discriminatory or unlawful material or information.

Thursday, June 21, 2018

BlockChain- BlockChain fundamentally is ever expanding database similar to bank ledger. Rather modifying existing entry, new entry is made and then made public. BlockChain database is dependent on encryption thus making it safe.

BlockChain can revolutionize the IT industry, most people think that BlockChain is a technology that powers crypto currency like Bitcoin. Yes, initially blockchain’s first version was used for crypto currency but its role has expanded a lot now and can be applied to bigger industries to prevent manipulation, bring transparency and will built trust in the data. It will not only expedite the process but will reduce the cost as well, depending upon the way it is implemented. BlockChain can act as monitoring mechanism and boost quality control.

BlockChain- BlockChain stores information in batches called as block and these blocks are linked together in a chronological fashion forming a chain, thus called as BlockChain.

BlockChain is-

Digital Ledger

Distributed Database

Decentralized

Chronologically Linked and Time Stamped

A peer to peer network that revokes the need of intermediaries.

There are three versions of BlockChain.

BlockChain 1.0-
The implementation of Distribution Ledger Technology led to first application ie crypto currency. Crypto currency transactions are based on BlockChain Technology and Bitcoin is the perfect example .BlockChain 2.0-
It led to Smart Contracts application. Smart contracts are computer programs or applications based on BlockChain Technology. These applications execute automatically, and check predefined conditions like verification and enforcement. Smart Contracts can be used to replace for traditional business contracts.

BlockChain 3.0-
It has decentralization concept and applications have their backend code on decentralized peer to peer network.

Thursday, December 14, 2017

A boarding pass is a document provided by an airline during checkin, giving a passenger permission to enter the restricted area of an airport and to board
the airplane for a particular flight. At a minimum, it identifies the
passenger, the flight number, and the date and scheduled time for
departure. In some cases, flyers can check in online and print the
boarding passes themselves. A boarding pass may be required for a
passenger to enter a secure area of an airport. Most airports and airlines have automatic readers that will verify the validity of the boarding pass at the boarding gate. This also automatically updates the airline's
database that shows the passenger has boarded and the seat is used, and
that the checked baggage for that passenger may stay aboard. This speeds
up the paperwork process at the gate, but requires passengers with
paper tickets to check in, surrender the ticket, and receive the
digitized boarding pass. Source- https://en.wikipedia.org/wiki/Boarding_pass

According to “Krebs on Security” there is personal information encrypted
on your boarding pass. After someone took a screen shot of the bar code
on the ticket, you will be amazed of how much personal information that
person can get about you: home address, banking info, email address,
phone number. Source- https://krebsonsecurity.com/2015/10/whats-in-a-boarding-pass-barcode-a-lot/

QR Code:

QR code or Quick Response code is a matrix bar code
which can be read by an imaging device for example camera and then processed to read its
data. The QR code is simply an array of bits to be identified by a scanner.
Bits are reserved for the scanner to be able to identify and orient the image,
as well as for version and format information. QR codes are really useful and
help us to complete tasks faster in smartphones. You can quickly open a website
just by scanning a QR code and you do not need to manually type the URL in your
smartphone.

QR code has been successfully implemented in the global
payments industry, as well. Because it is easy to generate a QR code, the
system offers convenience to businesses and consumers, alike. It can be printed
on business cards, points of sale, and product labels which customers can
simply scan to pay for a product or service.

With the increase in usage of QR codes in the general
public, it is necessary to ensure that the data conveyed through the QR code is
not harmful to the user. There are currently two major attack vectors for
potential vulnerabilities: attacks on human interactions and automated attacks.

Attacks on human interactions:

Attacks on human interactions rely on the fact that
humans by themselves are unable to interpret what information is encoded in QR
codes, and thus rely on QR code readers to decode the information. Since the
information in the QR code is completely obfuscated, it is possible to trick
and attack users via phishing, pharming, and other social engineering attacks
by putting up fake QR codes. It is also possible to attack users by
manipulating and exploiting existing QR code readers that users use via command
injection or buffer overflows.

Phishing:

Phishing is the main security issue involved with QR
codes. It is also described as QRishing. QR codes are generally scanned by a
smartphone camera to visit a website. Now, many website advertisements put QR
code along with a URL so users can quickly scan QR code to visit the website.

Hackers or scammers try to change the QR code added in
the poster. They can also print the similar kind of fake posters and put in
public places.

Innocent customers will scan these fake QR codes to visit
the websites but they will be redirected to phishing websites. In mobile
devices, it is hard to check the full address in the browsers. Due to limited
space, browsers do not show the full address in the URL field. And most people
never try to check the full address, which makes users more vulnerable. When
they use this phishing page to login, their passwords are compromised.

In the same way, attackers can use QR codes to point to
malicious websites to distribute malware via drive by download attack. Drive by
download attacks are attacks in which a website forcefully downloads software
in your device when you visit the website.

Automated attacks:

Automated attacks often result from the assumption that
the encoded information in QR codes is sanitized. However, it is known that QR
codes themselves can easily be manipulated in order to change encoded
information, potentially producing attacks on backend software. Without QR code
input sanitation, it is possible to produce attacks such as SQL injection,
command injection, and fraud.

Best practices for Users:

QRishing & Drive by download attacks can be prevented
by following the below mentioned best practices.

Observe before Use:

If you find a QR code in any banner advertisement in a
public place, look at it closely. Most of the times, hackers stick their fake
QR code above the legitimate QR code in a legitimate poster. So try to see if
it is real or not. One can check by touching the poster. If it does not look
like it’s actually printed on the
poster, do not use it. If you are not sure, never scan that QR code.

Never provide personal or login information:

Always be suspicious of the page you land on via QR code.
Never share your personal information on these pages. Only do this if the QR
code is from a very trusted source and you trust the website. For login, always
enter the URL manually on the browser’s
address bar.

Look at URL before Clicking:

Looking at the QR code does not confirm whether it is
malicious or not.

Some QR Code readers let you see the URL and ask to
confirm whether you want to visit the URL before it links you to the
destination. You can use these QR code scanners to know what URL the QR code
will send you. Just remember that many QR Codes use shortened URLs so this
strategy won't always work.

Best practices for Merchants

Include signage telling the user what
the code does. Otherwise the user has no way of knowing if the code should point to a URL,
phone number, or SMS.

Print the URL near to the code. This
way if the code is hijacked and pointed to evil website
the user can see they're not visiting the correct site.

Include https in the URL. Get users
used to checking for https before they interact with you.

Every time you put out a QR code in a
public area, you should know where it is. If a code is on a billboard, on a
storefront, or anywhere else it can be accessed by the public, it could be at
risk. You will know your code is working correctly when you see
"normal" traffic through it. If the traffic suddenly stops, ensure
that the code is still there and hasn't been tampered with.

Distinctive, branded QR codes with
special colours or other design features are far more likely to get attention, and it
will help people to know that they are dealing with a legitimate link to your
brand and not a counterfeit code. It will be much more difficult for a hacker
to simulate a highly designed and colourful code than a plain one.